Software Development Risk Assessment for Clouds National Technical University of Ukraine “Kiev Polytechnic Institute” Heat and energy design faculty Department of automation design of energy processes and systems (ADEPS) VІI scientific and practical seminar with international participation “Economic security of the state and scientific and technological aspects of its provision". October 21-22, 2015, Kyiv, Ukraine Students of 6 th department group TI-41m Hanna Shvedova Pavlo Seredin

What is a risk? ◉ effect of uncertainty on objectives, which may or may not happen and caused by ambiguity or a lack of information (ISO (2009) / ISO Guide 73:2002) ◉ any future uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives such as scope, schedule, cost, or quality (PMBOK, 5th Edition) VІI “Economic security of the state and scientific and technological aspects of its provision“ 2

Types of risks Schedule Risk Software development, given the intangible nature and uniqueness of software, is inherently difficult to estimate and schedule. Budget Risk Wrong budget estimation or cost overruns or project scope expansion. Operational Risks The prospect of loss resulting from inadequate or failed procedures, systems or policies. Technology Risks It includes delays arising out of software & hardware defects or the failure of an underlying service or a platform. External Risks All uncertain risks are outside. It can be: running out of fund, market development, changing customer’s priority, government rule changes. Resources Risks Resource issues such as turnover and learning curves are common project risks. VІI “Economic security of the state and scientific and technological aspects of its provision“ 3

Risk management process Define the environment, understand the context. Risk identification is an iterative process. New risks will be identified as the project progresses through the life cycle. Determination of quantitative or qualitative value of risk and a recognized threat enables the organization to understand the business context of their overall vulnerabilities - and prepare for and mitigate loss. Review and monitoring - keep this process and iterate during the project VІI “Economic security of the state and scientific and technological aspects of its provision“ 4 Risk mitigation - follow the typical ways to manage the risk: avoidance (eliminate), reduction, sharing (transfer), retention (accept)

“ Cloud computing is a computing resource deployment and procurement model that enables an organization to obtain its computing resources and applications from any location via an Internet connection.

Usage of clouds ◉ One in every five enterprises in the EU use cloud computing services. ◉ The information and communications sector is the largest adopter of cloud computing services at forty-five percent. ◉ Finland is the leading country for cloud computing in the EU. It is well above the EU average with one in every two enterprises using a form of cloud computing service there. VІI “Economic security of the state and scientific and technological aspects of its provision“ 6

Service models of clouds Infrastructure as a service (IaaS) provides access to server hardware, storage, network capacity, and other fundamental computing resources. Software as a service (SaaS) provides integrated access to a provider’s software applications. Platform as a service (PaaS) provides access to basic operating software and services to develop and use customer-created software applications. VІI “Economic security of the state and scientific and technological aspects of its provision“ 7

Network Dependency Of even bigger concern are the few instances in which customers have lost data, either due to an issue with the cloud provider or with malicious attackers. Typical risks for clouds Ownership Many public cloud providers, including the largest and best known, have clauses in their contracts that explicitly states that the data stored is the provider's - not the customer's. VІI “Economic security of the state and scientific and technological aspects of its provision“ 8

Typical risks for clouds Lack of transparency cloud customers have little insight into the storage location(s) of data, algorithms used by the CSP to provision or allocate computing resources, the specific controls used to secure components of the cloud computing architecture, or how customer data is segregated within the cloud. Security and compliance concerns data is located on hardware outside of the organization’s direct control. Depending on the cloud solution used, a cloud customer organization may be unable to obtain and review network operations or security incident logs because they are in the possession of the CSP. IT organizational changes If cloud computing is adopted to a significant degree, an organization needs fewer internal IT personnel in the areas of infrastructure management, technology deployment, application development, and maintenance. The morale and dedication of remaining IT staff members could be at risk as a result. VІI “Economic security of the state and scientific and technological aspects of its provision“ 9

Web resources: VІI “Economic security of the state and scientific and technological aspects of its provision“ 10

Any questions ? You can find me at Thanks!